Monday - Friday, 6-9 a.m.

Host Tom Temin brings you the latest news affecting the federal community each weekday morning, featuring interviews with top government executives and contractors. Listen live from 6 to 9 a.m. or download archived interviews below.

Industry, government find common ground in cyber realm

By
Jolie Lee

Cybersecurity Panel on Public-Private Partnerships

Gallery: (7 images)

The level and type of public-private information sharing on cybersecurity has
expanded, particularly
since 2007 when the Defense Department kicked off the Defense Industrial Base
pilot program. The concept of information sharing, however, has existed
for at least the
past decade.

"It's the idea of crowdsourcing before the term crowdsourcing came up," said Jason
Miller, executive editor of Federal News Radio. "All of us together are smarter
than each of us alone."

The Federal Drive with Tom Temin and Emily Kopp hosted a
panel discussion with Miller and Scott Algeier, executive director of the
Information Technology-Information Sharing and Analysis Center (IT-ISAC) and vice
chair of the National Council of ISACs (NCI), as part of the multimedia special
report Cybersecurity Rising.

Algeier said the key to a successful public-private partnership in cyber info
sharing is to treat each party as an equal. Both parties, however, must also
recognize that each has different goals when it comes to protecting networks, he
said.

"Industry views it from the business perspective. I have business assets I need to
protect. They manage that risk like they manage a lot of other risks. There's only
so many dollars industry can spend without impacting shareholder value," Algeier
said. "The government views this from a national security perspective, so their
tolerance for risk, I think, is a lot less."

Industry and government must first identify common issues to work on and develop a
plan jointly, Algeier said.

"I don't think it's enough for industry to be shared documentation that says, this
is our plan and you have a week to tell us what you think," he said.

Establishing info sharing center

As agencies move more to e-gov and e-commerce, the government has become
increasingly dependent on the private sector, Miller said.

The federal government realized, "The partnership has got to be stronger," he
said.

The National Cybersecurity and Communications Integration Center (NCCIC), launched in
2009, is the "nexus of information sharing between the government and the
private sector," said Mark Weatherford, the deputy undersecretary for
cybersecurity at the Homeland Security Department, in an interview with Miller.

IT-ISAC is part of the NCCIC forum. Once industry shares information
with NCCIC, that information is distributed to other agencies.

"To bring it full circle, a lot of my members, a lot of IT companies, are actually contractors to those agencies. They then ...develop the tools and technologies," Algeier said.

Workforce skills

Industry and agencies each have skills they can share with each other. Industry,
for example, has done a good job securing new networks, Algeier said.

"They repel thousands of attacks a day on their networks. I'm not going to sit
here and say all industry networks are as secure as they can be, but I think the
overall track record of industry securing new networks is pretty strong," he said.

On the other hand, some agencies have cyber skillsets that are as good or better
than across industry, Miller said. Some examples could be found at the National
Security Agency or the U.S. Cyber Command, he said.

"I think the government sometimes gets a bad rap, but they're the ones developing
[or funding] a lot of the cutting-edge technology that industry kind of
commercializes and broadens and makes it better," Miller said.

Today's panel is part of Federal News Radio's multimedia project Cybersecurity Rising, which focuses on the progress federal
agencies have made in the last six years on securing their systems and protecting
their networks.